Date: 2024-08-24



Georgia Tech University

Dr. Emmanouil “Manos” Antonakakis directs a cybersecurity lab at Georgia Tech and has attracted millions of dollars from the U.S. government in recent years for Defense Department research projects like “Rhamnousia: Attributing Cyber Actors Through Tensor Decomposition and Novel Data Acquisition.”

The government filed a lawsuit against Georgia Tech in federal court yesterday, naming Antonakakis specifically and claiming that neither he nor Georgia Tech followed basic (and required) security protocols for years, knew they were not in compliance with those protocols, and then submitted invoices for their DoD projects anyway. (Read the complaint.) The government claims this is fraud:

Ultimately, DoD paid for military technology that Defendants stored in an environment that was not protected from unauthorized disclosure, and Defendants did not even monitor for breaches so that they and DoD could be alerted if information was compromised. What DoD received in exchange for its funds was worthless, and did not reflect the benefit of its agreement.

AV hate

Given the nature of his work for the DoD, Antonakakis and his lab are required to follow numerous security regulations, including those outlined in NIST Special Publication 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.”

One rule states that machines that store or access such “controlled unclassified information” must be equipped with antivirus software. But according to the U.S. government, Antonakakis really doesn't like to install antivirus detection software on his lab's machines.

Georgia Tech administrators asked him to comply with the requirement, but according to an internal email from 2019, Antonakakis “was not receptive to such a suggestion.” In a follow-up email, Antonakakis himself said that “the endpoint [antivirus] agent is a failure.”

According to the government, “apart from Dr. Antonakakis' opposition, there was nothing preventing the laboratory from implementing antivirus protection. Dr. Antonakakis simply did not want to implement it.”

Antonakakis’ lab’s IT director was given permission to use other “mitigation measures,” such as relying on the school’s firewall for added security. The IT director said he believed Georgia Tech was running virus scans on its network. However, that “assumption” turned out to be completely false; the school’s network “never provided” antivirus protection, and even if it did, the lab used laptops that were routinely taken outside the network perimeter.

The school realized after some time that the lab was not complying with DoD contract rules, so an administrator decided to “hold billing” on the lab's contracts so the school would not be accused of filing false claims.

According to the government, “within days of the suspension of his contract billing, Dr. Antonakakis withdrew his long-standing opposition to the installation of antivirus software in the Astrolavos Laboratory. Georgia Tech's standard antivirus software was installed throughout the laboratory.”

But the government says the school never acknowledged that it had been out of compliance for some time and that it had filed numerous invoices when it was not in compliance. The government says this is fraud.

